Online Attacks and Cyber Crime Leave Brands and Reputations Exposed

Social media is the great leveler, giving customers and employees unparalleled access to the public. However, as anyone knows (just ask the small B&B owner slated on TripAdvisor), giving everyone a voice can have painful results, particularly if the complaints are malicious and false.

The list of companies hacked and attacked online grows ever longer. Sony, JPMorgan Chase, and eBay are just a few recent examples of the threat of reputational damage online. Many companies also find themselves tackling such threats to their reputation from disgruntled former employees who use the anonymity and scope of the Internet to air their grievances and, at times, spread lies.

Tackling such an online attack is time-consuming and can be very costly, says Darren Matthews of K2 Intelligence. He gives the example of a company that dismissed an employee who then set up a website inviting people to comment on the company and its management team. Some 200 people joined the site and a litany of blogs appeared, including a significant amount of confidential information which had come from current employees, and some entirely made-up claims about the company and its CEO.

Before K2 Intelligence was engaged, the company had already paid the former employee an amount to take the site down. However, six months later a new site was back doing the same thing, this time with added salacious claims about affairs between executives.

“On this occasion, we managed to link the employee to the activity through one email sent from his home rather than one of his various covers, but it’s very difficult stop these attacks once they get going,” says Mr. Matthews. “You can ask Twitter or Facebook to close down a malicious account but the person will merely set up a new one; it’s so easy to set up these anonymous accounts.”

A company can investigate the claims, demonstrating they are false, and then go to court to ask the internet service provider to make public the IP address where the malicious emails are coming from. The company can then take out an injunction against the person at that address who is sending the messages or posting online.

Many people are also becoming very aware about IT and are using clever methods to hide their IP addresses. “The problem with that is, technologically astute people will use cafes, hotels, random domestic addresses or an IP cloak and after spending all that money to go to court you end up with the address of a Starbucks or a Russian warehouse,” says Mr. Matthews.

As such these types of cases are often best managed using a mix of investigative techniques, he says – using a combination of technical, open and human sources. If an attack is on a corporate, then employee interviews are often a good start, as the more interest there is in a malicious site, the more people in the company will be discussing it, and inevitably there will be speculation as to who has been involved with it.”

Former employees are also one of the major sources of cyber attacks on companies. “It doesn’t need a lot of knowledge to access a system remotely and cause trouble,” he says, citing the example of an IT subcontractor and former employee who brought a company’s manufacturing to a standstill by changing some of the company’s drivers. “This seemingly minor interference caused £550,000 of damage because the business could not print out any invoices or orders to enable manufacturing. On this occasion we utilized cyber and forensic expertise to close the holes and produce a short list of suspects, then confirmed the culprit through a combination of email reviews, staff interviews, review of CCTV, and ultimately a search of the suspect’s property. K2 Intelligence assisted the company in recovering costs through civil and criminal litigation.”

“Some companies are more at risk from ‘hacktivist’ campaigners with a grievance, or intrusion from foreign powers such as Iran or China, and while 99 percent are not, they still need to increase security around their sensitive information and have a plan for how to recover data if they are hacked.”

More and more companies believe it is a question of when, not if, their systems are broken into, says Mr. Matthews. “The proactive companies are in the best position—they’re doing regular risk reviews, training staff, and consistently reviewing their plans to keep up with changing threats,” he says. “If you have a good response plan in place you minimize the impact of a threat. Identify it early and have a better chance of catching the perpetrators.”